help-hurd

Re: Bug#184345: and _PC_PIPE_BUF..


From: Torsten Landschoff
Subject: Re: Bug#184345: and _PC_PIPE_BUF..
Date: Wed, 18 Jun 2003 10:38:07 +0200
User-agent: Mutt/1.5.3i

Hi *, 

Sorry, I am late in the discussion, did not work on gs for quite a
while.

On Sun, Apr 27, 2003 at 01:50:44AM +0200, Robert Millan wrote:

> > If PIPE_BUF is larger than that size, and the other end of the
> > pipe writes lots of data, you will get a buffer overflow, and
> > depending on context, that can turn out to be a security hole big
> > enough to drive a truck through it. The size argument to read must
> > *never* be larger than the size of the buffer passed to read.
> 
> true.. then the code is wrong unless PIPE_BUF is used in the pk
> declaration, which doesn't seem to be the case.

FYI: The ijs driver is not for a networked printer but rather to run
drivers as separate programs from gs. I guess the read was written 
that way to be able to work with newer versions of the protocol where
the command might be longer. Of course the code is wrong because the
read could transport more bytes than there is buffer space available. 

I'll therefore replace the PIPE_BUF parameter by sizeof(PK) and report 
this problem upstream.

Greetings

        Torsten
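
The fix described in the message above (passing the size of the destination buffer to read() instead of PIPE_BUF), shown as an added example that is not part of the original message or of the gs/ijs source. The PK layout, the 64-byte size, the names read_bounded and demo_read, and the sample data are all constructed for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical fixed-size packet standing in for the PK buffer in the
   thread; its real layout is not shown there. */
typedef struct { char data[64]; } PK;

/* Read at most bufsize bytes: the size passed to read() is the size of
   the destination, never PIPE_BUF. Retries on EINTR. */
ssize_t read_bounded(int fd, void *buf, size_t bufsize)
{
    ssize_t n;
    do { n = read(fd, buf, bufsize); } while (n < 0 && errno == EINTR);
    return n;
}

/* Constructed scenario: the peer writes len bytes (len <= 512 so the
   write cannot block). Returns the bytes stored in the packet, or -1 on
   error or if the guard bytes behind the packet were modified.
   *left receives the bytes still queued in the pipe afterwards. */
ssize_t demo_read(size_t len, size_t *left)
{
    struct { PK pk; unsigned char guard[16]; } s;
    unsigned char msg[512], drain[512];
    int fds[2];
    ssize_t n, r;

    if (len > sizeof msg || pipe(fds) != 0) return -1;
    memset(msg, 'A', sizeof msg);
    memset(s.guard, 0x5a, sizeof s.guard);
    if (write(fds[1], msg, len) != (ssize_t)len) return -1;
    close(fds[1]);                      /* reader sees EOF after the data */
    n = read_bounded(fds[0], &s.pk, sizeof s.pk);
    *left = 0;
    while ((r = read_bounded(fds[0], drain, sizeof drain)) > 0)
        *left += (size_t)r;             /* excess stays in the pipe, not in memory */
    close(fds[0]);
    for (size_t i = 0; i < sizeof s.guard; i++)
        if (s.guard[i] != 0x5a) return -1;
    return n;
}

int main(void)
{
    size_t left;
    ssize_t n = demo_read(200, &left);
    printf("stored %zd bytes, %zu left in pipe\n", n, left);
    return n == (ssize_t)sizeof(PK) ? 0 : 1;
}
```

With the bounded size, a peer that sends more than the packet holds leaves the excess queued in the pipe for a later read rather than writing past the end of the buffer.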
